[SOLVED] LDAP or AD via windows

samalombo · 02-24-2012, 12:35 AM

I gents.

I want to change our actual authentication mode from nis to LDAP or AD, therefore I would like to know what do you suggest and why?

Satyaveer Arya · 02-24-2012, 01:31 AM

Which linux OS you are using?

samalombo · 02-24-2012, 03:20 AM

I am using Redhat 5R2

Satyaveer Arya · 02-24-2012, 03:34 AM

When your machine is connected to a network, you can change the authentication method you set during installation or afterwards. Users are administered centrally on a NIS and LDAP server for all systems in the network.
Checkout this link: http://docs.redhat.com/docs/en-US/Re...ntication.html

samalombo · 02-24-2012, 04:11 AM

Hi Dear.
But you did not told me between LDAP and AD Windows acthentication what is better and why?

Satyaveer Arya · 02-26-2012, 02:58 PM

Active Directory is a database based system that provides authentication, directory, policy, and other services in a Windows environment

LDAP (Lightweight Directory Access Protocol) is an application protocol for querying and modifying items in directory service providers like Active Directory, which supports a form of LDAP.

LDAP is a standard, AD is Microsoft's (proprietary) implementation (and more). Wikipedia has a good article that delves into the specifics. I found this document with a very detailed evaluation of AD from an LDAP perspective.

LDAP is a protocol specification for directory data.

Active Directory is Microsoft's Implementation of an LDAP based directory server.

AD also has custom extensions ontop of the LDAP v3 spec such as account lockout, password expiration, etc.

Active Directory isn't just an implementation of LDAP by Microsoft, that is only a small part of what AD is. Active Directory is (in an overly simplified way) a service that provides LDAP based authentication with Kerberos based Authorization.

Of course their LDAP and Kerberos implementations in AD are not exactly 100% interoperable with other LDAP/Kerberos implementations...

There are lots of systems that support LDAP to talk to them, not just Active Directory.

Sun, IBM, Novell all have directory services that are very effective as LDAP servers.

Short answer: AD is a directory services database, and LDAP is one of the protocols you can use to talk to it.

So, the conclusion is LDAP is better according to me..

samalombo · 02-27-2012, 12:43 AM

Dear Satyaveer.
Many thanks for you replay and now I am well clerified.

manyrootsofallevil · 02-27-2012, 01:36 AM

Quote:

Originally Posted by samalombo

Dear Satyaveer.
Many thanks for you replay and now I am well clerified.

The other question is which version of Windows you want to use?

I've got a couple of posts on how to join (RHEL6 or CentOS 6.2) to a 2k3 or 2k8 domain.

I believe that the way authentication to LDAP works in RHEL6 has changed with respect to RHEL5, so I don't know how much of it will be applicable.

I've not been able to get SSO working, [hesitates ..] yet

Satyaveer Arya · 02-27-2012, 01:37 AM

Good to know that the topic is clear to you now.

Satyaveer Arya · 02-27-2012, 01:39 AM

Now if your problem has been solved, you can mark the thread as SOLVED.